Author Topic: The case for the Elliptic Curve verification of withdrawal without email  (Read 684 times)
marine4u (OP)
June 14, 2015, 07:05:54 PM
Last edit: June 14, 2015, 08:46:05 PM by marine4u

The MarineX open-source, do-it-yourself altcoin cross-exchange platform is just around the corner. I would like to share some of the new security features regarding account security and verification for future account users.

Anonymity, as well as security, is an essential part of any exchange platform. In the current state of cryptocurrency exchanges, account security and withdrawal verification are done over email, if they are done at all. Unfortunately, this practice of requiring the user requesting a withdrawal to act on an email sent by the exchange operator makes all the exchange details publicly available on mail servers, where they are stored in plain text. It also creates undeniable proof of exchanged funds: whether you erase them from your mailbox or not, they reside on mail servers and also in the exchange operator's sent mailbox in plain text. This availability of information about traded coins nullifies the anonymity of all cryptocurrencies in existence. Whether they claim to have extra anonymity features or not, it does not change the fact that this information, as email records, can be used against you and has the potential to make you an easy target for hackers who now know how many coins you have.

  • Email verification is not practiced at all by banks to authorize transfers; they usually use SMS, which again is not private
  • Mailbox access from smartphones usually never asks for a password
  • Anyone that has access to your phone can authorize a withdrawal
  • Authenticators are also on the same device and they are optional

Having a strong password guarantees nothing. Below is how your password looks in a secure database: it is hashed and rehashed with a random salt. Guess what happens when you copy the hashed password and salt combination from your username row to another user's: his password becomes the same as your password, and you can now access his portfolio as if it were yours. Attackers who can do that can also update your email and target your account.



Computer code is mostly static; a function is a function. A withdrawal function on an exchange server checks for criteria to execute a withdrawal request, and it is much harder for attackers to change the code on a web server.



Marinex is a do-it-yourself exchange. Setting up an email server that sends reliable withdrawal approval forms that do not end up in the user's spam folder, and protecting the availability of the server from phishing attacks, is costly and usually requires paid mail services, which still compromise the security and anonymity features of the cryptocurrency transfer domain.


Elliptic Curve Cryptography is the backbone of all cryptocurrency blockchains.

As the developer of Marinecoin and Marinex, I would like to introduce to you the SMSless, Emailless, Databaseless, most secure, private and anonymous way to authorize account updates, withdrawal requests and other security- and privacy-sensitive actions that need one extra step of approval from the exchange operator.

At the heart of this security setting is the signed message function in our wallets that many of us see but do not really care much about, and most likely you have never actually used the signed message feature, other than out of curiosity, for anything that is really useful.

Well, that is all going to change, and you will love it. Not only will it eliminate the need to set up a costly and hard-to-maintain email system on your server, it will also speed up exchange setup time significantly and provide a more worry-free and pleasant experience for both you and the users of your exchange site.

During registration, notice the MTC address, which is the key signature area.



  • Users select a regular login password to do general trading
  • Users provide an MTC Key Signature Wallet address for which they hold the private key

As you can see below, I have provided the Marinecoin Security Pad, which is a highly modified and simplified version of Brainwallet that can be used offline as well as online, detached from the Marinex exchanges. The user can select a secret pass-phrase, create an MTC public address and private key combination, and provide the generated MTC address as his MTC Key Signature Wallet address, which will identify his account from the rest. His secret pass-phrase will never be hashed, nor will it ever arrive at the database of the exchange server. It will be easy to remember, and he can easily access the private key that matches his MTC Key Signature Wallet address, so that he can sign the key verification codes to withdraw funds and change sensitive data at the convenience of his smartphone, or even more securely on his Marinecoin QT wallet client.





Every time you enter your secret password, you will generate the exact same MTC public and private key pair, of which only you will have access to the private part. It will never ever be transmitted over the internet or stored in a database, salted or in plain text. The same goes for the private key address, which never needs to be transmitted back and forth between you and the Marinex exchange server.

A standard withdrawal request after some trading activity is as follows:

Step 1

Enter your pass-phrase in the Marinecoin Security Pad, which can also be downloaded and used offline as an HTML5 app; no internet connection is needed.
You have now re-created the same MTC address and key pair for your private viewing. Alternatively, the user could have provided a Marinecoin QT wallet address during registration and signed from the QT client; regardless, he can import his private key into his QT wallet anytime he wants.



Step 2

Now just select sign from the drop-down and sign the randomly generated key string the Marinex server provided, click sign message, and copy and paste the generated signed message. It took only a few seconds.



Step 3

Click withdraw and there you have it: a success with a TXid. This session could not get any more secure than this.




Check Results on the block explorer



As you can see, the successful withdrawal was made without ever giving away our password over the internet and without ever creating an email record of the details of the transaction request, thus providing valuable anonymity and security.

Remember, on Marinex one can set up and trade any cryptocurrency pair as long as MTC is also paired with the selected coins on the specific platform and meets the minimum MTC deposit requirements; USD and BTC markets will activate automatically.

Sincerely
Marinecoin DEV
http://marinecoin.org